EP2989579A1 - Redundant system boot code in a secondary non-volatile memory - Google Patents

Redundant system boot code in a secondary non-volatile memory

Info

Publication number
EP2989579A1
Authority
EP
European Patent Office
Prior art keywords
volatile memory
controller
boot code
processor
compromised
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP13882693.8A
Other languages
German (de)
French (fr)
Other versions
EP2989579A4 (en
EP2989579B1 (en
Inventor
Richard H. Hodge
Jeffrey Kevin Jeansonne
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Development Co LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/40 Bus structure
    • G06F13/4004 Coupling between buses
    • G06F13/4027 Coupling between buses using bus bridges
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/1417 Boot up procedures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/40 Bus structure
    • G06F13/4004 Coupling between buses
    • G06F13/4022 Coupling between buses using switching circuits, e.g. switching matrix, connection or expansion network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/061 Improving I/O performance
    • G06F3/0613 Improving I/O performance in relation to throughput
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0656 Data buffering arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671 In-line storage system
    • G06F3/0683 Plurality of storage devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4406 Loading of operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2053 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant
    • G06F11/2094 Redundant storage or storage space

Definitions

  • a computing system can include code to perform various startup functions of the computing system.
  • This code can include Basic Input/Output System (BIOS) code.
  • BIOS code can be the subject of attacks by malware in the computing system or from an external service. As a result of an attack, the BIOS code can become compromised.
  • Fig. 1 is a block diagram of an example system according to some embodiments.
  • Fig. 2 is a flow diagram of a system boot code recovery process according to some implementations.
  • Fig. 3 is a block diagram of another example system according to further implementations.
  • Malware attacks on system code used to perform startup of a computing system can cause the integrity of the computing system to be compromised such that unauthorized access and operations in the computing system can occur.
  • compromised system code can allow covert remote monitoring and/or control of the computing system by a malicious entity, unauthorized access and/or modification of data in the computing system by malware, disablement of the computing system, and so forth.
  • Compromised system code can refer to system code that has been corrupted such that the system code is no longer usable, or alternatively, compromised system code can refer to system code that has been changed in some way but that is still able to execute. Note that system code can also be compromised accidentally or intentionally.
  • Although a protection mechanism can be provided in a computing system to protect the system code, such protection mechanism may become compromised under certain conditions, which can subject the system code to malware attacks.
  • System code used to perform startup of a computing system can include system firmware, which can be in the form of machine-readable instructions executable on a processor (or processors) of the computing system.
  • System firmware can cover any machine-readable instructions that are able to perform startup of a computing system. Examples of computing systems include desktop computers, notebook computers, tablet computers, personal digital assistants (PDAs), smartphones, game appliances, server computers, storage nodes, network communication nodes, and so forth.
  • System firmware can include Basic Input/Output System (BIOS) code, which can initialize various components of the computing system, and load an operating system (OS) of the computing system.
  • BIOS code can perform checking of hardware components to ensure that the hardware components are present and functioning properly. This can be part of a power-on self-test (POST) procedure, for example. After the POST procedure, the BIOS code can progress through the remainder of a booting sequence, after which the BIOS code can load and pass control to the OS.
  • BIOS code can include legacy BIOS code or Unified Extensible Firmware Interface (UEFI) code.
  • UEFI Unified Extensible Firmware Interface
  • the BIOS code can include a runtime portion that is executed after the OS loads.
  • the system firmware can be stored in non-volatile memory, such as a flash memory or any other persistent memory that is programmable. Once system firmware in a non-volatile memory is compromised, one possible remediation may involve physically replacing a component that includes the non-volatile memory. Such a technique of addressing compromised system firmware can be labor-intensive, costly, and time-consuming.
  • a secondary non-volatile memory can be provided that is in addition to a primary non-volatile memory that stores a primary version of the system firmware. The secondary non-volatile memory can store a redundant version of the system firmware. If the system firmware in the primary non-volatile memory becomes compromised, then the system firmware in the secondary non-volatile memory can be used instead.
  • system firmware can refer to any code that can boot a computing system after restart or can resume the computing system from a low power state.
  • Fig. 1 is a block diagram of an example computing system 100 that includes an embedded controller 102, a primary non-volatile memory 104, a processor 106, and a secondary non-volatile memory 116.
  • the primary non-volatile memory 104 can store a primary version of system firmware (referred to as "primary system firmware" 107), which can include BIOS code.
  • the secondary non-volatile memory 106 can store a redundant version of the system firmware (referred to as "redundant system firmware" 114).
  • the redundant system firmware 114 may be an identical copy of the primary system firmware 107, or alternatively, the redundant system firmware 114 may be different from the primary system firmware 107 (for example, the redundant system firmware 109 can be an earlier or later version of the system firmware).
  • the secondary non-volatile memory 116 can be physically separate from the primary non-volatile memory 104 (such as implemented as different physical memory devices). Alternatively, the primary non-volatile memory 104 and the secondary non-volatile memory 116 can physically reside on a common memory device, but the primary non-volatile memory 104 and the secondary non-volatile memory 116 are in different segments of the physical memory device.
  • a switch logic 108 is also provided to selectively connect one of the primary non-volatile memory 104 and secondary non-volatile memory 116 to a shared bus 120.
  • the shared bus 120 is accessible by the embedded controller 102 and the processor 106.
  • an input/output (I/O) controller may be provided between the processor 106 and the shared bus 120.
  • the switch logic 108 is connected over a first link 110 to the primary non-volatile memory 104, and over a second link 112 to the secondary non-volatile memory 116.
  • the switch logic 108 is controlled by a select signal 122 from the embedded controller 102.
  • the switch logic 108 can be a
  • If the select signal 122 is at a first state, then the switch logic 108 connects the shared bus 120 and the first link 110, such that the primary non-volatile memory 104 is accessible over the shared bus 120. If the select signal 122 is at a second, different state, then the switch logic 108 connects the shared bus 120 and the second link 112, such that the secondary non-volatile memory 116 is accessible over the shared bus 120.
  • the connected one of the primary and secondary non-volatile memories 104 and 116 is a shared non-volatile memory.
  • the non-volatile memory is "shared" in the sense that it is accessible by multiple entities, including the embedded controller 102 and at least one other entity
  • the other non-volatile memory that is not connected by the switch logic 108 to the shared bus 120 is inaccessible over the shared bus 120.
  • the secondary non-volatile memory 116 can be connected to the embedded controller 102 over a private bus 124.
  • the private bus 124 can be used by the embedded controller 102 to copy the redundant system firmware 114 (and system data) to the secondary non-volatile memory 116 during provisioning of the computing system 100 (such as at the factory or at a service site).
  • the private bus 124 is omitted.
  • the default configuration of the computing system 100 can be one where the switch logic 108 is controlled by the embedded controller 102 to connect the primary non-volatile memory 104 to the shared bus 120, while the secondary non-volatile memory 116 is isolated from the shared bus 120 by the switch logic 108.
  • the primary system firmware 107 is retrievable by the processor 106 and can be executed on the processor 106 to perform system boot or resume.
  • the secondary non-volatile memory 116 is accessible by the embedded controller 102, but is inaccessible to the processor 106 or to other components in the computing system 100. Making the secondary non-volatile memory 116 inaccessible to the processor 106 and other components in the default configuration protects the content of the secondary non-volatile memory 116 from unauthorized tampering.
  • the embedded controller 102 can perform various actions. First, in some implementations, the embedded controller 102 attempts to recover from the compromised system firmware 107 in the primary non-volatile memory 104 by copying the redundant system firmware 114 from the secondary non-volatile memory 116 to the primary non-volatile memory 104, to replace the compromised system firmware 107 with the redundant system firmware 114.
  • an error or fault in the computing system 100 may prevent the recovery of the system firmware 107 in the primary non-volatile memory 104.
  • the error or fault in the computing system 100 may have contributed to the detection of compromise of the primary system firmware 107.
  • the state of the select signal 122 can be changed to connect the secondary non-volatile memory 116 to the shared bus 120, and to isolate the primary non-volatile memory 104 from the shared bus 120.
  • Such a configuration can be referred to as a "secondary
  • the redundant system firmware 114 is retrievable by the processor 106 and can be executed on the processor 106.
  • the embedded controller 102 may detect that the recovery of the compromised system firmware 107 is not possible if the embedded controller 102 determines that the embedded controller 102 is unable to successfully write the redundant system firmware 114 to the primary non-volatile memory 104, such as due to fault of the primary non-volatile memory 104 or the link 110.
  • the embedded controller 102 may detect that the recovery of the compromised system firmware 107 is not possible if the embedded controller 102 performs a recovery operation (to copy the redundant system firmware 114 to the primary system firmware 107), and following this recovery operation, the embedded controller 102 again detects that the primary system firmware 107 is still compromised.
  • just one entity can have access to the shared bus 120 at any given time, such that just one entity can access the shared nonvolatile memory (the one of the primary and secondary non-volatile memories that is connected to the shared bus 120) at a time.
  • the shared bus 120 is a shared Serial Peripheral Interface (SPI) bus.
  • SPI Serial Peripheral Interface
  • An SPI bus is a synchronous serial data link in which devices on the SPI bus operate in a master-slave mode.
  • another type of shared bus 120 can be used.
  • an arbitration mechanism can be provided to allow for shared access of the bus 120 in various states of the computing system, including a low power state and a normal runtime state.
  • the system firmware 107 or 114 can include a boot block.
  • the boot block is a part of the BIOS code, and is first executed when the computing system 100 starts up. The boot block is executed first before the rest of the BIOS code is allowed to execute. The boot block can be used to check the integrity of the BIOS code as well as to perform other initial functions. If the boot block confirms the integrity of the BIOS code, then the boot block can pass control to the main portion of the BIOS code for initiating the remaining operations associated with the BIOS code.
  • the boot block can include core root of trust for measurement (CRTM) logic, which is logic specified by the Trusted Computing Group (TCG), an industry standard work group.
  • CRTM core root of trust for measurement
  • TCG Trusted Computing Group
  • the CRTM logic can perform certain initialization tasks and can make a number of measurements that are stored for later use.
  • the CRTM logic can then check the BIOS code before passing control to the main portion of the BIOS code. Once the BIOS code completes execution and passes control to the OS, the OS can verify the trustworthiness of the computing system 100 based on measurements taken by the CRTM logic.
  • the embedded controller 102 is physically separate from the processor 106 of the computing system 100.
  • the processor 106 is used for executing the OS, application code, and other code in the system 100.
  • the embedded controller 102 can be used to perform specific predefined tasks.
  • Examples of tasks that can be performed by the embedded controller 102 include any one or some combination of the following: power supply control in the computing system 100 (for controlling a power supply that supplies power supply voltages to various components in the computing system 100), charging and control of a battery in the computing system 100, thermal monitoring (to monitor a temperature in the computing system 100), fan control (to control a fan in the computing system 100), and interaction with a user input device (such as performing a scan of a keyboard of the computing system 100 or interaction with a pointing device such as a mouse, touchpad, touchscreen, and so forth).
  • the embedded controller 102 can be implemented with a microcontroller, an application-specific integrated circuit (ASIC), a programmable gate array (PGA), or any other type of programmable circuit.
  • ASIC application-specific integrated circuit
  • PGA programmable gate array
  • the embedded controller 102 includes a processing circuit 126 that is able to perform the specified tasks of the embedded controller 102.
  • the processing circuit 126 includes hardware circuitry.
  • the processing circuit 126 can execute machine-readable instructions, such as in the form of an embedded controller firmware (EC firmware) or other controller code.
  • EC firmware embedded controller firmware
  • the EC firmware may be initially stored in the primary or secondary non-volatile memory 104 or 116, and can be loaded into the embedded controller 102 for execution.
  • controller code executable on the embedded controller 102 can be
  • Fig. 2 is a flow diagram of a process according to some implementations.
  • the processing circuit 126 in the embedded controller 102 determines (at 202), during a period in which the processor 106 is not accessing the primary non-volatile memory 104 (such as due to the processor 106 being disabled or otherwise being idle), whether the primary system firmware 107 stored in the primary non-volatile memory 104 is compromised and the embedded controller 102 is unable to recover the compromised primary system firmware 107 (as discussed above).
  • the processor 106 being disabled refers to the processor 106 being in a powered off state (no power is provided to the main processing part of the processor 106) or in a reset state (e.g. a reset signal to the processor 106 is asserted that prevents the processor 106 from executing machine-readable instructions).
  • the processing circuit 126 changes the state of the select signal 122 to activate (at 204) the switch logic 108 to connect the secondary non-volatile memory 116 to the shared bus 120 and to disconnect the primary non-volatile memory 104 from the shared bus 120.
  • Upon connection by the switch logic 108 to the shared bus 120, the secondary non-volatile memory 116 becomes accessible by the processor 106, which can retrieve the redundant system firmware 114 from the secondary non-volatile memory 116 for execution (at 206) at the processor 106.
  • the determination (at 202) of whether system firmware has been compromised can be based on verifying the system firmware.
  • Verifying a piece of code can refer to cryptographically validating that the piece of code has not been changed and/or confirming that the piece of code is from a trusted source.
  • the verifying of the system firmware can be performed by the embedded controller 102 prior to each instance of restarted execution of the system firmware (from the primary or secondary non-volatile memory) by the processor 106, such as due to a cold reset of the computing system 100, a resume from a low power state of the computing system 100, an operating system restart, and so forth. It is noted that the system firmware can also be verified by the embedded controller 102 each time the computing system 100 enters a low power state. In other examples, the embedded controller 102 can also verify the system firmware when the processor 106 remains powered.
  • a low power state of the computing system 100 refers to a state of the computing system 100 in which the processor 106 and certain other hardware components of the system 100 are off (e.g. no power is provided to the main processing part of the processor and certain other hardware components). In the low power state, power can still be provided to the embedded controller 102.
  • the computing system 100 can transition to a low power state in any of the following scenarios: (1) as part of a cold reset of the computing system 100 that caused the system 100 to be powered off for subsequent power on, or (2) as part of a power savings procedure, in which the computing system 100 can transition from a normal operating state to a sleep state, hibernation state, or an off state after a time period of inactivity, or in response to detecting a low battery condition, or in response to user or application command, or for another reason, or (3) in any other scenario.
  • Examples of low power states can include certain Advanced Configuration and Power Interface (ACPI) states, including: the ACPI S3 state (which is a form of a standby or sleep state in which the system context of the computing system 100 is maintained in volatile memory that remains powered while some components of the computing system 100 are powered off); the ACPI S4 state (which is a form of hibernation state in which the system context is saved to persistent storage to allow power to be removed from additional computing system components, including volatile memory); and the ACPI S5 state (which is a form of system off state, in which power has been removed from even more components of the computing system 100).
  • the embedded controller 102 can perform verification of the system firmware in response to a warm reset of the computing system 100, in which a computing system 100 is restarted without removing power to the computing system 100.
  • the computing system 100 can be forced to transition to an appropriate low power state (such as certain ones of the low power states listed above) when the warm reset is detected.
  • the embedded controller 102 can perform the verification at any time, even when the computing system is not in a low power state. For example, the embedded controller 102 can perform the verification when the processor is idle or not accessing the primary non-volatile memory 104. The verification by the embedded controller 102 can also be performed in "real-time," as the system firmware is retrieved for execution by the processor.
  • Fig. 3 is a block diagram of a computing system 100 according to further implementations.
  • the computing system 100 of Fig. 3 includes an input/output (I/O) controller 302, which is connected between the processor 106 and the shared bus 120.
  • the I/O controller 302 can be a Platform Controller Hub (PCH) from Intel Corporation.
  • the PCH can include various functions, including a display interface to a graphics subsystem, a system bus interface to a system bus to which various I/O devices can be connected, and so forth. In other examples, other types of I/O controllers can be used.
  • the embedded controller 102 is coupled to a user input device 301 (e.g. a mouse device or other type of input device), a keyboard 302, a fan 303, a battery 304, and a power supply 305, to manage the respective devices (under control of EC firmware executing in the embedded controller 102).
  • the EC firmware executing in the embedded controller 102 can be loaded from the primary or secondary non-volatile memory 104 or 116.
  • the system firmware 107 in the primary non-volatile memory 104 includes a boot block 306.
  • the boot block 306 can include EC firmware 307.
  • the EC firmware 307 can be separate from the system firmware 107.
  • the secondary system firmware 114 in the secondary non-volatile memory 116 includes a boot block 308 and EC firmware 309.
  • the embedded controller 102 includes cryptographic hardware 312, which can perform cryptographic computations, such as those used in the verifying of EC firmware and system firmware.
  • the cryptographic hardware 312 can be in the form of circuitry that is configured to perform cryptographic
  • the embedded controller 102 further includes a read-only memory (ROM) 314, which can be used to store a boot loader 316 and an encryption key 318.
  • the encryption key 318 can be the key (public key or private key) used to perform verification of the EC firmware (307 or 309).
  • the boot loader 316 is loaded from the ROM 314 to execute in the embedded controller 102 to retrieve EC firmware from the primary or secondary non-volatile memory 104 or 116 into a random access memory (RAM) 319 of the embedded controller 102.
  • the boot loader 316 can take steps to ensure that no other entity except the embedded controller 102 has access to the shared bus 120 during the EC firmware load operation.
  • the boot loader 316 can find a pointer (or other reference) to an EC firmware image, which can be stored in the primary or secondary non-volatile memory 104 or 116.
  • the retrieved EC firmware is verified by verification logic in the embedded controller 102, where the verification logic can include functionality in the boot loader 316 that is able to invoke the cryptographic hardware 312 to assist in performing cryptographic computations.
  • the verification of the EC firmware retrieved from a non-volatile memory (104 or 116) can be performed during an initialization procedure of the embedded controller 102.
  • An initialization procedure of the embedded controller 102 refers to a procedure that is performed when the embedded controller 102 first starts after the embedded controller 102 has been reset or after a power cycle of the embedded controller 102 (where power is removed from and then re-applied to the embedded controller 102).
  • the EC firmware can verify system firmware (107 or 114) prior to each restarted execution of the system firmware by the processor 106.
  • a signature 322 is associated with the EC firmware 108, and a signature 324 is associated with the boot block 306.
  • a signature 340 is associated with the EC firmware 309
  • a signature 342 is associated with the boot block 308.
  • the signature 322 or 340 is used in the verification of the respective EC firmware 307 or 309, while the signature 340 or 342 is used in the verification of the respective boot block 306 or 308.
  • Use of a signature in the verification process can allow a determination of the authenticity of the respective EC firmware or boot block, and a determination that the respective EC firmware or boot block has not been
  • the verification of the EC firmware 307 or 309 can be accomplished by decrypting the respective signature 322 or 340 using the encryption key 318 stored in the embedded controller ROM 314. Decrypting the signature produces a respective value (e.g. hash value) that can be compared with a corresponding calculated value (e.g. hash value) of the EC firmware. If the foregoing values match, then the EC firmware is verified.
  • a similar process can be used for verifying the BIOS boot block 306 or 308 using the respective digital signature 324 or 342.
  • Each of the primary and secondary non-volatile memories 104 and 116 can also store system data 336 or 338 that relates to configuration of various aspects of the computing system 100.
  • the system data 336 or 338 can include machine unique data, network interface controller data, layout descriptor data, and so forth.
  • the network interface controller data can include configuration data of a network interface controller (that is used to perform communications over a network).
  • the layout descriptor data can include information that describes a layout of the primary and secondary non-volatile memories 104 and 1 16, and configuration parameters for the I/O controller 302.
  • the machine unique data can refer to any data or settings that are unique to each particular computing system.
  • Examples of machine unique data can include any or some combination of the following: product name, product model, stock- keeping unit (SKU) number (for identifying the respective computing system for sale), a serial number of the computing system, a system or commodity tracking number (for identifying a system board of the computing system), a system
  • SKU stock- keeping unit
  • a computing system is able to continue operation even in the event of a system fault or error that prevents recovery of the system firmware in the primary non-volatile memory. The ability to continue operation does not have to involve manual intervention by a human.
  • Machine-readable instructions such as those executable in the
  • embedded controller 102 or the processor 106 can be loaded from a machine- readable or computer-readable storage medium (or storage media).
  • the storage media can include different forms of memory including semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices.
  • semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories
  • magnetic disks such as fixed, floppy and removable disks
  • other magnetic media including tape optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices.
  • CDs compact disks
  • DVDs digital video disks
  • Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture).
  • An article or article of manufacture can refer to any manufactured single component or multiple components.
  • the storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Mathematical Physics (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

A controller determines whether system boot code stored in a first non-volatile memory is compromised and non-recoverable. In response to determining that the system boot code is compromised and non-recoverable, switch logic is activated to connect a second non-volatile memory to the shared bus and to disconnect the first non-volatile memory from the shared bus.

Description

REDUNDANT SYSTEM BOOT CODE IN A SECONDARY NON-VOLATILE MEMORY
Background
[0001] A computing system can include code to perform various startup functions of the computing system. This code can include Basic Input/Output System (BIOS) code. BIOS code can be the subject of attacks by malware in the computing system or from an external service. As a result of an attack, the BIOS code can become compromised.
Brief Description Of The Drawings
[0002] Some implementations are described with respect to the following figures:
Fig. 1 is a block diagram of an example system according to some implementations;
Fig. 2 is a flow diagram of a system boot code recovery process according to some implementations; and
Fig. 3 is a block diagram of another example system according to further implementations.
Detailed Description
[0003] Malware attacks on system code used to perform startup of a computing system can cause the integrity of the computing system to be compromised such that unauthorized access and operations in the computing system can occur. For example, compromised system code can allow covert remote monitoring and/or control of the computing system by a malicious entity, unauthorized access and/or modification of data in the computing system by malware, disablement of the computing system, and so forth. Compromised system code can refer to system code that has been corrupted such that the system code is no longer usable, or alternatively, compromised system code can refer to system code that has been changed in some way but that is still able to execute. Note that system code can also be compromised accidentally or intentionally.
[0004] Although a protection mechanism can be provided in a computing system to protect the system code, such protection mechanism may become compromised under certain conditions, which can subject the system code to malware attacks.
[0005] System code used to perform startup of a computing system can include system firmware, which can be in the form of machine-readable instructions executable on a processor (or processors) of the computing system. "System firmware" can cover any machine-readable instructions that are able to perform startup of a computing system. Examples of computing systems include desktop computers, notebook computers, tablet computers, personal digital assistants (PDAs), smartphones, game appliances, server computers, storage nodes, network communication nodes, and so forth.
[0006] System firmware can include Basic Input/Output System (BIOS) code, which can initialize various components of the computing system, and load an operating system (OS) of the computing system. The BIOS code can perform checking of hardware components to ensure that the hardware components are present and functioning properly. This can be part of a power-on self-test (POST) procedure, for example. After the POST procedure, the BIOS code can progress through the remainder of a booting sequence, after which the BIOS code can load and pass control to the OS. BIOS code can include legacy BIOS code or Unified Extensible Firmware Interface (UEFI) code. In some examples, the BIOS code can include a runtime portion that is executed after the OS loads.
[0007] The system firmware can be stored in non-volatile memory, such as a flash memory or any other persistent memory that is programmable. Once system firmware in a non-volatile memory is compromised, one possible remediation may involve physically replacing a component that includes the non-volatile memory. Such a technique of addressing compromised system firmware can be labor-intensive, costly, and time-consuming.
[0008] In accordance with some implementations, a secondary non-volatile memory can be provided that is in addition to a primary non-volatile memory that stores a primary version of the system firmware. The secondary non-volatile memory can store a redundant version of the system firmware. If the system firmware in the primary non-volatile memory becomes compromised, then the system firmware in the secondary non-volatile memory can be used instead.
[0009] In the ensuing discussion, although reference is made to "system firmware," it is noted that techniques or mechanisms can be applied to other types of system boot code, where system boot code can refer to any code that can boot a computing system after restart or can resume the computing system from a low power state.
[0010] Fig. 1 is a block diagram of an example computing system 100 that includes an embedded controller 102, a primary non-volatile memory 104, a processor 106, and a secondary non-volatile memory 116. The primary non-volatile memory 104 can store a primary version of system firmware (referred to as "primary system firmware" 107), which can include BIOS code. The secondary non-volatile memory 106 can store a redundant version of the system firmware (referred to as "redundant system firmware" 114). The redundant system firmware 114 may be an identical copy of the primary system firmware 107, or alternatively, the redundant system firmware 114 may be different from the primary system firmware 107 (for example, the redundant system firmware 109 can be an earlier or later version of the system firmware).
[0011] The secondary non-volatile memory 116 can be physically separate from the primary non-volatile memory 104 (such as implemented as different physical memory devices). Alternatively, the primary non-volatile memory 104 and the secondary non-volatile memory 116 can physically reside on a common memory device, but the primary non-volatile memory 104 and the secondary non-volatile memory 116 are in different segments of the physical memory device.
[0012] A switch logic 108 is also provided to selectively connect one of the primary non-volatile memory 104 and secondary non-volatile memory 116 to a shared bus 120. The shared bus 120 is accessible by the embedded controller 102 and the processor 106. Although not shown in Fig. 1, an input/output (I/O) controller may be provided between the processor 106 and the shared bus 120.
[0013] The switch logic 108 is connected over a first link 110 to the primary non-volatile memory 104, and over a second link 112 to the secondary non-volatile memory 116. The switch logic 108 is controlled by a select signal 122 from the embedded controller 102.
[0014] In some examples, the switch logic 108 can be a multiplexer/demultiplexer. If the select signal 122 is at a first state, then the switch logic 108 connects the shared bus 120 and the first link 110, such that the primary non-volatile memory 104 is accessible over the shared bus 120. If the select signal 122 is at a second, different state, then the switch logic 108 connects the shared bus 120 and the second link 112, such that the secondary non-volatile memory 116 is accessible over the shared bus 120.
[0015] When accessible over the shared bus, the connected one of the primary and secondary non-volatile memories 104 and 116 is a shared non-volatile memory. The non-volatile memory is "shared" in the sense that it is accessible by multiple entities, including the embedded controller 102 and at least one other entity (including the processor 106).
[0016] The other non-volatile memory that is not connected by the switch logic 108 to the shared bus 120 is inaccessible over the shared bus 120. In some examples, the secondary non-volatile memory 116 can be connected to the embedded controller 102 over a private bus 124. The private bus 124 can be used by the embedded controller 102 to copy the redundant system firmware 114 (and system data) to the secondary non-volatile memory 116 during provisioning of the computing system 100 (such as at the factory or at a service site).
[0017] In other examples, the private bus 124 is omitted.
[0018] In some implementations, the default configuration of the computing system 100 can be one where the switch logic 108 is controlled by the embedded controller 102 to connect the primary non-volatile memory 104 to the shared bus 120, while the secondary non-volatile memory 116 is isolated from the shared bus 120 by the switch logic 108. In the default configuration, the primary system firmware 107 is retrievable by the processor 106 and can be executed on the processor 106 to perform system boot or resume.
[0019] In the default configuration, if the private bus 124 is provided, the secondary non-volatile memory 116 is accessible by the embedded controller 102, but is inaccessible to the processor 106 or to other components in the computing system 100. Making the secondary non-volatile memory 116 inaccessible to the processor 106 and other components in the default configuration protects the content of the secondary non-volatile memory 116 from unauthorized tampering.
[0020] In response to detecting that the primary system firmware 107 is compromised, the embedded controller 102 can perform various actions. First, in some implementations, the embedded controller 102 attempts to recover from the compromised system firmware 107 in the primary non-volatile memory 104 by copying the redundant system firmware 114 from the secondary non-volatile memory 116 to the primary non-volatile memory 104, to replace the compromised system firmware 107 with the redundant system firmware 114.
[0021] However, in some cases, it may be possible that an error or fault in the computing system 100 (such as a physical fault of the primary non-volatile memory 104 or physical fault of the link 110) may prevent the recovery of the system firmware 107 in the primary non-volatile memory 104. In fact, the error or fault in the computing system 100 may have contributed to the detection of compromise of the primary system firmware 107. In such cases, as a failsafe technique, the state of the select signal 122 can be changed to connect the secondary non-volatile memory 116 to the shared bus 120, and to isolate the primary non-volatile memory 104 from the shared bus 120. Such a configuration can be referred to as a "secondary configuration." In the secondary configuration, the redundant system firmware 114 is retrievable by the processor 106 and can be executed on the processor 106.
[0022] The embedded controller 102 may detect that the recovery of the compromised system firmware 107 is not possible if the embedded controller 102 determines that the embedded controller 102 is unable to successfully write the redundant system firmware 114 to the primary non-volatile memory 104, such as due to fault of the primary non-volatile memory 104 or the link 110. Alternatively, the embedded controller 102 may detect that the recovery of the compromised system firmware 107 is not possible if the embedded controller 102 performs a recovery operation (to copy the redundant system firmware 114 to the primary system firmware 107), and following this recovery operation, the embedded controller 102 again detects that the primary system firmware 107 is still compromised.
[0023] In some implementations, just one entity can have access to the shared bus 120 at any given time, such that just one entity can access the shared non-volatile memory (the one of the primary and secondary non-volatile memories that is connected to the shared bus 120) at a time. In some examples, the shared bus 120 is a shared Serial Peripheral Interface (SPI) bus. An SPI bus is a synchronous serial data link in which devices on the SPI bus operate in a master-slave mode. In other examples, another type of shared bus 120 can be used. In alternative examples, an arbitration mechanism can be provided to allow for shared access of the bus 120 in various states of the computing system, including a low power state and a normal runtime state.
[0024] In some examples, the system firmware 107 or 114 can include a boot block. The boot block is a part of the BIOS code, and is first executed when the computing system 100 starts up. The boot block is executed first before the rest of the BIOS code is allowed to execute. The boot block can be used to check the integrity of the BIOS code as well as to perform other initial functions. If the boot block confirms the integrity of the BIOS code, then the boot block can pass control to the main portion of the BIOS code for initiating the remaining operations associated with the BIOS code.
[0025] In some implementations, the boot block can include core root of trust for measurement (CRTM) logic, which is logic specified by the Trusted Computing Group (TCG), an industry standard work group. During a power on procedure of the computing system 100, the CRTM logic can perform certain initialization tasks and can make a number of measurements that are stored for later use. The CRTM logic can then check the BIOS code before passing control to the main portion of the BIOS code. Once the BIOS code completes execution and passes control to the OS, the OS can verify the trustworthiness of the computing system 100 based on measurements taken by the CRTM logic.
[0026] The embedded controller 102 is physically separate from the processor 106 of the computing system 100. The processor 106 is used for executing the OS, application code, and other code in the system 100. The embedded controller 102, on the other hand, can be used to perform specific predefined tasks. Examples of tasks that can be performed by the embedded controller 102 include any one or some combination of the following: power supply control in the computing system 100 (for controlling a power supply that supplies power supply voltages to various components in the computing system 100), charging and control of a battery in the computing system 100, thermal monitoring (to monitor a temperature in the computing system 100), fan control (to control a fan in the computing system 100), and interaction with a user input device (such as performing a scan of a keyboard of the computing system 100 or interaction with a pointing device such as a mouse, touchpad, touchscreen, and so forth). The embedded controller 102 can be implemented with a microcontroller, an application-specific integrated circuit (ASIC), a programmable gate array (PGA), or any other type of programmable circuit.
[0027] The embedded controller 102 includes a processing circuit 126 that is able to perform the specified tasks of the embedded controller 102. The processing circuit 126 includes hardware circuitry. In some examples, the processing circuit 126 can execute machine-readable instructions, such as in the form of an embedded controller firmware (EC firmware) or other controller code. Note that the EC firmware may be initially stored in the primary or secondary non-volatile memory 104 or 116, and can be loaded into the embedded controller 102 for execution. Alternatively, it is noted that controller code executable on the embedded controller 102 can alternatively be application software that can be in the form of machine-readable instructions. In the ensuing discussion, although reference is made to "EC firmware," it is noted that techniques or mechanisms can be applied to other forms of the controller code 108.
[0028] Fig. 2 is a flow diagram of a process according to some implementations. The processing circuit 126 in the embedded controller 102 determines (at 202), during a period in which the processor 106 is not accessing the primary non-volatile memory 104 (such as due to the processor 106 being disabled or otherwise being idle), whether the primary system firmware 107 stored in the primary non-volatile memory 104 is compromised and the embedded controller 102 is unable to recover the compromised primary system firmware 107 (as discussed above). The processor 106 being disabled refers to the processor 106 being in a powered off state (no power is provided to the main processing part of the processor 106) or in a reset state (e.g. a reset signal to the processor 106 is asserted that prevents the processor 106 from executing machine-readable instructions).
[0029] In response to determining that the primary system firmware 107 is compromised and un-recoverable, the processing circuit 126 changes the state of the select signal 122 to activate (at 204) the switch logic 108 to connect the secondary non-volatile memory 116 to the shared bus 120 and to disconnect the primary non-volatile memory 104 from the shared bus 120.
[0030] Upon connection by the switch logic 108 to the shared bus 120, the secondary non-volatile memory 116 becomes accessible by the processor 106, which can retrieve the redundant system firmware 114 from the secondary non-volatile memory 116 for execution (at 206) at the processor 106. By being able to perform the switch from the primary non-volatile memory 104 to the secondary non-volatile memory 116, a user is allowed to continue to use the computing system 100 despite the primary system firmware 107 being unusable.
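The decision flow of Fig. 2, combined with the recovery attempt of paragraphs [0020] to [0022], can be modelled as follows. This is an added C example, not code from the patent or from any product. All type and function names are hypothetical, a non-cryptographic FNV-1a digest comparison stands in for the signature verification described in paragraph [0048], and refusing to use a secondary copy that fails verification is an assumption of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_SIZE 32

enum select_state { SELECT_PRIMARY, SELECT_SECONDARY };   /* select signal 122 */
enum boot_outcome { BOOT_DEFERRED, BOOT_PRIMARY_OK, BOOT_PRIMARY_RECOVERED,
                    BOOT_FAILOVER_SECONDARY, BOOT_HALT };

struct flash {
    uint8_t data[FW_SIZE];
    bool write_fault;   /* models a faulty memory 104 or link 110: writes are lost */
};

struct platform {
    struct flash primary;      /* primary non-volatile memory 104 */
    struct flash secondary;    /* secondary non-volatile memory 116 */
    enum select_state select;  /* which memory switch logic 108 puts on bus 120 */
    bool cpu_idle;             /* processor 106 off, in reset, or otherwise idle */
    uint32_t trusted_digest;   /* stand-in for the value recovered from the signature */
};

struct result { enum boot_outcome outcome; enum select_state select; };

/* FNV-1a: placeholder for the real hash; NOT cryptographic. */
static uint32_t digest(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

static bool fw_verified(const struct platform *pl, const struct flash *f)
{
    return digest(f->data, FW_SIZE) == pl->trusted_digest;
}

/* Program, then read back; a faulty part drops the write, so read-back fails. */
static bool flash_program(struct flash *dst, const uint8_t *src)
{
    if (!dst->write_fault)
        memcpy(dst->data, src, FW_SIZE);
    return memcmp(dst->data, src, FW_SIZE) == 0;
}

enum boot_outcome ec_check_boot_code(struct platform *pl)
{
    if (!pl->cpu_idle)
        return BOOT_DEFERRED;          /* step 202 runs only while 106 is off the bus */
    if (fw_verified(pl, &pl->primary))
        return BOOT_PRIMARY_OK;        /* default configuration is kept */
    if (!fw_verified(pl, &pl->secondary))
        return BOOT_HALT;              /* assumption: never use an unverified copy */
    /* [0020]: try to repair 104 from 116; [0022]: a failed write or a primary
     * that still fails verification afterwards means "non-recoverable". */
    if (flash_program(&pl->primary, pl->secondary.data) &&
        fw_verified(pl, &pl->primary))
        return BOOT_PRIMARY_RECOVERED;
    pl->select = SELECT_SECONDARY;     /* step 204: connect 116, isolate 104 */
    return BOOT_FAILOVER_SECONDARY;
}

/* Builds a constructed sample platform, applies the requested faults, runs the check. */
struct result run_scenario(bool tamper_primary, bool primary_write_fault,
                           bool tamper_secondary, bool cpu_idle)
{
    struct platform pl;
    struct result r;
    memset(&pl, 0, sizeof pl);
    for (size_t i = 0; i < FW_SIZE; i++)   /* constructed firmware image */
        pl.primary.data[i] = pl.secondary.data[i] = (uint8_t)(0xA0 + i);
    pl.trusted_digest = digest(pl.primary.data, FW_SIZE);
    pl.select = SELECT_PRIMARY;
    pl.cpu_idle = cpu_idle;
    pl.primary.write_fault = primary_write_fault;
    if (tamper_primary)   pl.primary.data[5] ^= 0x01;
    if (tamper_secondary) pl.secondary.data[9] ^= 0x80;
    r.outcome = ec_check_boot_code(&pl);
    r.select = pl.select;
    return r;
}

int main(void)
{
    static const char *const names[] = { "deferred", "primary ok", "primary recovered",
                                         "failover to secondary", "halt" };
    printf("intact primary:        %s\n", names[run_scenario(false, false, false, true).outcome]);
    printf("tampered, writable:    %s\n", names[run_scenario(true, false, false, true).outcome]);
    printf("tampered, write fault: %s\n", names[run_scenario(true, true, false, true).outcome]);
    printf("both copies tampered:  %s\n", names[run_scenario(true, false, true, true).outcome]);
    return 0;
}
```

The select signal changes only in the write-fault case; a primary that can be rewritten and then verifies keeps the default configuration, so the secondary memory stays isolated from the shared bus.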
[0031] Subsequently, the user can be warned that there has been a failure that prevented use of the primary system firmware 107 in the primary non-volatile memory 104, and that the computing system is currently running the redundant system firmware 114 in the secondary non-volatile memory 116. A service event should be scheduled to address this condition. While running in this condition, the computing system does not have the additional level of protection against compromise of the system firmware that is provided when the secondary non-volatile memory 116 provides the redundant system firmware to the primary system firmware in the primary non-volatile memory 104. As a result, there may be a risk that the computing system may become disabled if the system firmware in the secondary non-volatile memory 116 becomes compromised (since there is no redundancy at this point).
[0032] The determination (at 202) of whether system firmware has been compromised can be based on performing verifying of the system firmware. Verifying a piece of code, such as the system firmware, can refer to cryptographically validating that the piece of code has not been changed and/or confirming that the piece of code is from a trusted source.
[0033] The verifying of the system firmware can be performed by the embedded controller 102 prior to each instance of restarted execution of the system firmware (from the primary or secondary non-volatile memory) by the processor 106, such as due to a cold reset of the computing system 100, a resume from a low power state of the computing system 100, an operating system restart, and so forth. It is noted that the system firmware can also be verified by the embedded controller 102 each time the computing system 100 enters a low power state. In other examples, the embedded controller 102 can also verify the system firmware when the processor 106 remains powered.
[0034] A low power state of the computing system 100 refers to a state of the computing system 100 in which the processor 106 and certain other hardware components of the system 100 are off (e.g. no power is provided to the main processing part of the processor and certain other hardware components). In the low power state, power can still be provided to the embedded controller 102. The computing system 100 can transition to a low power state in any of the following scenarios: (1) as part of a cold reset of the computing system 100 that caused the system 100 to be powered off for subsequent power on, or (2) as part of a power savings procedure, in which the computing system 100 can transition from a normal operating state to a sleep state, hibernation state, or an off state after a time period of inactivity, or in response to detecting a low battery condition, or in response to user or application command, or for another reason, or (3) in any other scenario.
[0035] Examples of low power states can include certain Advanced Configuration and Power Interface (ACPI) states, including: the ACPI S3 state (which is a form of a standby or sleep state in which the system context of the computing system 100 is maintained in volatile memory that remains powered while some components of the computing system 100 are powered off); the ACPI S4 state (which is a form of hibernation state in which the system context is saved to persistent storage to allow power to be removed from additional computing system components, including volatile memory); and the ACPI S5 state (which is a form of system off state, in which power has been removed from even more components of the computing system 100).
[0036] In further examples, the embedded controller 102 can perform verification of the system firmware in response to a warm reset of the computing system 100, in which a computing system 100 is restarted without removing power to the computing system 100. To allow the embedded controller 102 to perform the verification in response to the warm reset, the computing system 100 can be forced to transition to an appropriate low power state (such as certain ones of the low power states listed above) when the warm reset is detected.
[0037] In other examples, the embedded controller 102 can perform the verification at any time, even when the computing system is not in a low power state. For example, the embedded controller 102 can perform the verification when the processor is idle or not accessing the primary non-volatile memory 104. The verification by the embedded controller 102 can also be performed in "real-time," as the system firmware is retrieved for execution by the processor.
[0038] Fig. 3 is a block diagram of a computing system 100 according to further implementations. The computing system 100 of Fig. 3 includes an input/output (I/O) controller 302, which is connected between the processor 106 and the shared bus 120. In some examples, the I/O controller 302 can be a Platform Controller Hub (PCH) from Intel Corporation. The PCH can include various functions, including a display interface to a graphics subsystem, a system bus interface to a system bus to which various I/O devices can be connected, and so forth. In other examples, other types of I/O controllers can be used.
[0039] As depicted in Fig. 3, the embedded controller 102 is coupled to a user input device 301 (e.g. a mouse device or other type of input device), a keyboard 302, a fan 303, a battery 304, and a power supply 305, to manage the respective devices (under control of EC firmware executing in the embedded controller 102). The EC firmware executing in the embedded controller 102 can be loaded from the primary or secondary non-volatile memory 104 or 116.
[0040] In some examples, the system firmware 107 in the primary non-volatile memory 104 includes a boot block 306. The boot block 306 can include EC firmware 307. In other examples, the EC firmware 307 can be separate from the system firmware 107. Similarly, the secondary system firmware 114 in the secondary non-volatile memory 116 includes a boot block 308 and EC firmware 309.
[0041] In the Fig. 3 example, the embedded controller 102 includes cryptographic hardware 312, which can perform cryptographic computations, such as those used in the verifying of EC firmware and system firmware. The cryptographic hardware 312 can be in the form of circuitry that is configured to perform cryptographic computations.
[0042] The embedded controller 102 further includes a read-only memory (ROM) 314, which can be used to store a boot loader 316 and an encryption key 318. The encryption key 318 can be the key (public key or private key) used to perform verification of the EC firmware (307 or 309). During system startup, the boot loader 316 is loaded from the ROM 314 to execute in the embedded controller 102 to retrieve EC firmware from the primary or secondary non-volatile memory 104 or 116 into a random access memory (RAM) 319 of the embedded controller 102. The boot loader 316 can take steps to ensure that no other entity except the embedded controller 102 has access to the shared bus 120 during the EC firmware load operation.
[0043] To retrieve an EC firmware for loading into the embedded controller 102, the boot loader 316 can find a pointer (or other reference) to an EC firmware image, which can be stored in the primary or secondary non-volatile memory 104 or 116.
[0044] The retrieved EC firmware is verified by verification logic in the embedded controller 102, where the verification logic can include functionality in the boot loader 316 that is able to invoke the cryptographic hardware 312 to assist in performing cryptographic computations.
[0045] The verification of the EC firmware retrieved from a non-volatile memory (104 or 116) can be performed during an initialization procedure of the embedded controller 102. An initialization procedure of the embedded controller 102 refers to a procedure that is performed when the embedded controller 102 first starts after the embedded controller 102 has been reset or after a power cycle of the embedded controller 102 (where power is removed from and then re-applied to the embedded controller 102).
[0046] Once the EC firmware is verified and loaded for execution on the embedded controller 102, the EC firmware can verify system firmware (107 or 114) prior to each restarted execution of the system firmware by the processor 106.
[0047] In the primary non-volatile memory 104, a signature 322 is associated with the EC firmware 108, and a signature 324 is associated with the boot block 306. Similarly, in the secondary non-volatile memory 116, a signature 340 is associated with the EC firmware 309, and a signature 342 is associated with the boot block 308. The signature 322 or 340 is used in the verification of the respective EC firmware 307 or 309, while the signature 340 or 342 is used in the verification of the respective boot block 306 or 308. Use of a signature in the verification process can allow a determination of the authenticity of the respective EC firmware or boot block, and a determination that the respective EC firmware or boot block has not been compromised.
[0048] In some implementations, the verification of the EC firmware 307 or 309 can be accomplished by decrypting the respective signature 322 or 340 using the encryption key 318 stored in the embedded controller ROM 314. Decrypting the signature produces a respective value (e.g. hash value) that can be compared with a corresponding calculated value (e.g. hash value) of the EC firmware. If the foregoing values match, then the EC firmware is verified. A similar process can be used for verifying the BIOS boot block 306 or 308 using the respective digital signature 324 or 342.
[0049] Each of the primary and secondary non-volatile memories 104 and 116 can also store system data 336 or 338 that relates to configuration of various aspects of the computing system 100. For example, the system data 336 or 338 can include machine unique data, network interface controller data, layout descriptor data, and so forth.
[0050] The network interface controller data can include configuration data of a network interface controller (that is used to perform communications over a network). The layout descriptor data can include information that describes a layout of the primary and secondary non-volatile memories 104 and 116, and configuration parameters for the I/O controller 302.
[0051 ] The machine unique data can refer to any data or settings that are unique to each particular computing system. Examples of machine unique data can include any or some combination of the following: product name, product model, stock- keeping unit (SKU) number (for identifying the respective computing system for sale), a serial number of the computing system, a system or commodity tracking number (for identifying a system board of the computing system), a system
configuration identifier (for identifying a configuration of the computing system), warranty data (for describing a warranty associated with the computing system), a universally unique identifier (UUID), a default setting of BIOS code, and so forth. The foregoing is provided as examples of machine unique data; in other examples, other or additional types of machine unique data can be provided. [0052] By using techniques or mechanisms according to some implementations, a computing system is able to continue operation even in the event of a system fault or error that prevents recovery of the system firmware in the primary non-volatile memory. The ability to continue operation does not have to involve manual intervention by a human.
[0053] Machine-readable instructions, such as those executable in the embedded controller 102 or the processor 106 can be loaded from a machine-readable or computer-readable storage medium (or storage media).
[0054] The storage media can include different forms of memory including semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices. Note that the instructions discussed above can be provided on one computer-readable or machine-readable storage medium, or alternatively, can be provided on multiple computer-readable or machine-readable storage media distributed in a large system having possibly plural nodes. Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture). An article or article of manufacture can refer to any manufactured single component or multiple components. The storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.
[0055] In the foregoing description, numerous details are set forth to provide an understanding of the subject disclosed herein. However, implementations may be practiced without some or all of these details. Other implementations may include modifications and variations from the details discussed above. It is intended that the appended claims cover such modifications and variations.

Claims

What is claimed is:
1. A controller for use in a system, comprising:
a processing circuit to:
determine whether system boot code stored in the first non-volatile memory is compromised and non-recoverable, wherein the first non-volatile memory is initially accessible over a shared bus by the controller and the processor; and
in response to determining that the system boot code is compromised and non-recoverable, activate switch logic to connect a second non-volatile memory to the shared bus and to disconnect the first non-volatile memory from the shared bus, wherein the second non-volatile memory upon connection by the switch logic to the shared bus is accessible by the processor to retrieve redundant system boot code from the second non-volatile memory.
2. The controller of claim 1, wherein prior to activating of the switch logic to connect the second non-volatile memory to the shared bus, the second non-volatile memory is isolated from the shared bus.
3. The controller of claim 1, wherein after activating of the switch logic to connect the second non-volatile memory to the shared bus, the first non-volatile memory is isolated from the shared bus.
4. The controller of claim 1, wherein the determining of whether the system boot code is compromised is performed upon entry of the system into a low power state or prior to each instance of restarting of the system boot code at the processor.
wherein the controller has read-only memory storing a cryptographic key.
5. The controller of claim 4, wherein the determining of whether the system boot code is compromised uses a cryptographic key at the controller.
6. The controller of claim 1, wherein the controller is an embedded controller.
7. The controller of claim 1, wherein the determining of whether the system boot code is compromised includes determining whether a boot block is compromised.
8. The controller of claim 1, further comprising controller code that upon execution in the controller causes the controller to perform at least one selected from among: power supply control in the system, thermal monitoring in the system, fan control in the system, battery charging and control in the system, and interaction with a user input device.
9. The controller of claim 1, further comprising verification logic to verify controller code stored in the first or second non-volatile memory.
10. The controller of claim 9, wherein the processing circuit is to load the controller code from the first non-volatile memory in response to the verifying, and wherein the controller code is executable on the processing circuit to perform the determining and the activating.
11. A system comprising:
a processor;
a bus;
switch logic connected to the bus;
a first non-volatile memory to store primary system boot code;
a second non-volatile memory to store redundant system boot code, wherein the switch logic initially is to connect the first non-volatile memory to the bus, and wherein the processor initially has access to the primary system boot code over the bus;
an embedded controller to:
determine whether the primary system boot code stored in the first non-volatile memory is compromised and non-recoverable; and
in response to determining that the system boot code is compromised and non-recoverable, activate the switch logic to connect the second non-volatile memory to the bus and to disconnect the first non-volatile memory from the bus, wherein the second non-volatile memory upon connection by the switch logic to the bus is accessible by the processor to retrieve the redundant system boot code from the second non-volatile memory for execution on the processor.
12. The system of claim 11, wherein the system boot code includes at least a part of a basic input/output system (BIOS) code.
13. The system of claim 11, wherein the embedded controller is to determine that the system boot code is compromised during a time period in which the processor is not accessing the first non-volatile memory.
14. The system of claim 11, wherein each of the first and second non-volatile memories are to further store system data relating to configuration of aspects of the system.
15. A method comprising:
determining, by a controller, whether system boot code stored in a first non-volatile memory is compromised and non-recoverable due to a physical failure in a system, wherein the first non-volatile memory is initially accessible by the controller and the processor over a shared bus, and wherein the system further includes a second non-volatile memory that is initially a private non-volatile memory accessible by the controller and inaccessible by the processor;
in response to determining that the system boot code in the first non-volatile memory is compromised and non-recoverable, activating switch logic to connect the second non-volatile memory to the shared bus and to disconnect the first non-volatile memory from the shared bus; and
executing system boot code retrieved from the second non-volatile memory on the processor after the activating of the switch logic.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2013/037725 WO2014175862A1 (en) 2013-04-23 2013-04-23 Redundant system boot code in a secondary non-volatile memory

Publications (3)

Publication Number Publication Date
EP2989579A1 (en) 2016-03-02
EP2989579A4 (en) 2016-11-30
EP2989579B1 (en) 2018-06-06

Family

ID=51792251

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13882693.8A Active EP2989579B1 (en) 2013-04-23 2013-04-23 Redundant system boot code in a secondary non-volatile memory

Country Status (5)

Country Link
US (1) US9785596B2 (en)
EP (1) EP2989579B1 (en)
CN (1) CN105122262B (en)
TW (1) TWI530790B (en)
WO (1) WO2014175862A1 (en)

Also Published As

Publication number Publication date
CN105122262B (en) 2018-06-05
TW201502790A (en) 2015-01-16
US20160055113A1 (en) 2016-02-25
WO2014175862A1 (en) 2014-10-30
TWI530790B (en) 2016-04-21
US9785596B2 (en) 2017-10-10
EP2989579A4 (en) 2016-11-30
CN105122262A (en) 2015-12-02
EP2989579B1 (en) 2018-06-06

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20151012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602013038724

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: G06F0021000000

Ipc: G06F0013400000

A4 Supplementary search report drawn up and despatched

Effective date: 20161031

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 11/14 20060101ALI20161025BHEP

Ipc: G06F 13/40 20060101AFI20161025BHEP

Ipc: G06F 21/57 20130101ALI20161025BHEP

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20180202

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

Ref country code: AT

Ref legal event code: REF

Ref document number: 1006847

Country of ref document: AT

Kind code of ref document: T

Effective date: 20180615

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602013038724

Country of ref document: DE

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20180606

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180906

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180906

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180907

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1006847

Country of ref document: AT

Kind code of ref document: T

Effective date: 20180606

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20181006

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602013038724

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20190307

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20190430

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190423

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190430

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190430

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190430

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190430

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190423

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20181008

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20130423

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20180606

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20240320

Year of fee payment: 12

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20240320

Year of fee payment: 12